Google discloses unpatched Windows zero-day exploited in the wild

Google researchers disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation.

Security researchers from Google have disclosed a zero-day vulnerability in the Windows operating system, tracked as CVE-2020-17087, that is currently under active exploitation.

Ben Hawkes, team lead for Google Project Zero team, revealed on Twitter that the vulnerability was chained with another Chrome zero-day flaw, tracked as CVE-2020-15999, that Google recently disclosed.

Google researchers expect a patch for this zero-day flaw to be available on November 10. The Director of Google’s Threat Analysis Group, Shane Huntley (@ShaneHuntley), confirmed that the vulnerability was exploited in targeted attacks that are not related to the forthcoming US election.

Google did not provide info on the attackers that have already exploited the flaw, but experts speculate that they were nation-state actors.

The Chrome zero-day is a sandbox escape issue, it allows attackers to escape Chrome’s secure container and run code on the underlying operating system.

“We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline.” reads Google’s advisory.

“The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).”

The Google Project Zero team notified Microsoft last week and gave the company seven days to address the vulnerability, but unfortunately, Microsoft has yet to fix it.

The vulnerability affects all Windows versions between Windows 7 and the most recent Windows 10 release.

Google researchers also published a proof of concept code to exploit this vulnerability.

In March 2019, Google disclosed that that threat actors were chaining a Chrome zero-day (CVE-2019-5786) with a Windows zero-day (CVE-2019-0808) in attacks in the wild.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Windows zero-day)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.